Inactive Infected with Sirefef ;c

Status
Not open for further replies.
Hi, it seems my laptop got this problem as well..

Windows 64 ultimate

log:

Scan result of Farbar Recovery Scan Tool Version: 01-07-2012 01
Ran by SYSTEM at 02-07-2012 21:19:35
Running from G:\
Windows 7 Ultimate (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [10060320 2010-06-11] (Realtek Semiconductor)
HKLM\...\Run: [Apoint] %ProgramFiles%\Apoint\Apoint.exe [212480 2010-03-17] (Alps Electric Co., Ltd.)
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1271168 2012-03-26] (Microsoft Corporation)
HKLM-x32\...\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2009-11-20] (Intel Corporation)
HKLM-x32\...\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2011-11-01] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2011-10-24] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [937920 2011-06-06] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [vmware-tray] "C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe" [103536 2011-08-22] (VMware, Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2011-12-07] (Apple Inc.)
HKLM-x32\...\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [3521424 2012-03-30] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE [452016 2010-09-09] (CANON INC.)
HKLM-x32\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [462408 2012-04-04] (Malwarebytes Corporation)
HKU\Sardin\...\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\MsnMsgr.Exe" /background [3872080 2010-04-16] (Microsoft Corporation)
HKU\Sardin\...\Run: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe /s [954256 2012-03-30] (Samsung)
HKU\Sardin\...\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [21392 2012-03-30] ()
HKU\Sardin\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [17344176 2012-06-05] (Skype Technologies S.A.)
HKU\Sardin\...\Run: [Client Server Runtime Process] C:\Users\Sardin\AppData\Roaming\csrss.exe [60448 2012-07-02] (Jeantech)
HKU\Sardin\...\Run: [Host-process Windows (Rundll32.exe)] C:\Users\Sardin\AppData\Roaming\csrss.exe [60448 2012-07-02] (Jeantech)
HKU\Sardin\...\Run: [Service Host Process for Windows] C:\Users\Sardin\AppData\Roaming\svchost.exe [60448 2012-07-02] (Jeantech)
Tcpip\..\Interfaces\{2E641E85-27F7-4BCF-98E8-93FE2D9CC4E2}: [NameServer]192.168.1.1
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\Sardin\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> (No File)

==================== Services (Whitelisted) ======

2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [654408 2012-04-04] (Malwarebytes Corporation)
2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [12600 2012-03-26] (Microsoft Corporation)
2 SampleCollector; "C:\Program Files\Sony\VAIO Care\VCPerfService.exe" "/service" "/sstates" "/sampleinterval=5000" "/procinterval=5" "/dllinterval=120" "/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1" "/counter=\Network Interface(*)\Bytes Total/sec:1" "/expandcounter=\Processor Information(*)\Processor Frequency:1" "/expandcounter=\Processor(*)\% Idle Time:1" "/expandcounter=\Processor(*)\% C1 Time:1" "/expandcounter=\Processor(*)\% C2 Time:1" "/expandcounter=\Processor(*)\% C3 Time:1" "/expandcounter=\Processor(*)\% Processor Time:1" "/directory=C:\ProgramData\Sony Corporation\VAIO Care\inteldata" [259192 2011-01-28] (Sony Corporation)
2 VAIO Event Service; "C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe" [217456 2010-03-02] (Sony Corporation)
3 VCService; "C:\Program Files\Sony\VAIO Care\VCService.exe" [44736 2011-02-14] (Sony Corporation)
3 VMwareHostd; "C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe" -u "C:\ProgramData\VMware\hostd\config.xml" [31995 2011-12-13] ()

========================== Drivers (Whitelisted) =============

3 dtsoftbus01; C:\Windows\System32\Drivers\dtsoftbus01.sys [279616 2011-11-20] (DT Soft Ltd)
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [24904 2012-04-04] (Malwarebytes Corporation)
3 VBTUSB; C:\Windows\System32\Drivers\VBTUSB.sys [14848 2010-03-21] (Sony Corporation)
3 Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys [x]
3 tsusbhub; C:\Windows\System32\drivers\tsusbhub.sys [x]
3 VGPU; C:\Windows\System32\drivers\rdvgkmd.sys [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-07-02 21:19 - 2012-07-02 21:19 - 00000000 ____D C:\FRST
2012-07-02 11:02 - 2012-07-02 11:02 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.501A537A96D30784
2012-07-02 10:59 - 2012-07-02 10:59 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.836CAEE726DFEA36
2012-07-02 10:59 - 2012-07-02 10:59 - 00001109 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-07-02 10:59 - 2012-07-02 10:59 - 00000000 ____D C:\Users\Sardin\AppData\Roaming\Malwarebytes
2012-07-02 10:59 - 2012-07-02 10:59 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-07-02 10:59 - 2012-07-02 10:59 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-07-02 10:59 - 2012-04-04 05:56 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-07-02 10:42 - 2012-07-02 10:42 - 00001266 ____A C:\Users\Sardin\Desktop\shutdown.lnk
2012-07-02 10:34 - 2012-07-02 10:34 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.8F9AF4416973143A
2012-07-02 10:23 - 2012-07-02 10:23 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E53515C27FE87CD9
2012-07-02 10:20 - 2012-07-02 10:20 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2012-07-02 10:19 - 2012-07-02 10:19 - 12621696 ____A (Microsoft Corporation) C:\Users\Sardin\Downloads\mseinstall(1).exe
2012-07-02 10:15 - 2012-07-02 03:16 - 00060448 __RSH (Jeantech) C:\Users\Sardin\AppData\Roaming\svchost.exe
2012-07-02 10:15 - 2012-07-02 03:16 - 00060448 __RSH (Jeantech) C:\Users\Sardin\AppData\Roaming\rundll32.exe
2012-07-02 10:15 - 2012-07-02 03:16 - 00060448 __RSH (Jeantech) C:\Users\Sardin\AppData\Roaming\csrss.exe
2012-07-02 07:14 - 2012-07-02 07:14 - 00000000 __SHD C:\Windows\System32\%APPDATA%
2012-06-29 14:28 - 2012-06-29 14:28 - 03268872 ____A C:\Users\Sardin\Downloads\Madoka Rap(1).mp3
2012-06-25 09:29 - 2012-06-25 09:29 - 00068114 ____A C:\Users\Sardin\AppData\Local\RAContactHistory.xml
2012-06-25 09:29 - 2012-06-25 09:29 - 00000000 ____D C:\Users\Sardin\AppData\Roaming\PeerNetworking
2012-06-25 09:28 - 2012-06-25 09:28 - 00000000 ___AH C:\Users\Sardin\Documents\Default.rdp
2012-06-24 05:59 - 2012-06-24 09:33 - 00450634 ____A C:\Users\Sardin\Desktop\StefanReleasemanagement.rtf
2012-06-23 07:49 - 2012-06-02 14:19 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-23 07:49 - 2012-06-02 14:19 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-23 07:49 - 2012-06-02 14:19 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-23 07:49 - 2012-06-02 14:15 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-23 07:49 - 2012-06-02 05:19 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-23 07:49 - 2012-06-02 05:15 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-21 01:22 - 2012-07-02 11:05 - 00000952 ____A C:\Windows\setupact.log
2012-06-21 01:22 - 2012-06-21 01:22 - 00002452 ____A C:\Windows\PFRO.log
2012-06-21 01:22 - 2012-06-21 01:22 - 00000000 ____A C:\Windows\setuperr.log
2012-06-19 23:31 - 2012-06-19 23:31 - 00000925 ____A C:\Users\Sardin\Documents\My Sharing Folders.lnk
2012-06-19 23:08 - 2012-06-19 23:08 - 00000000 ____D C:\Program Files (x86)\Windows Live SkyDrive
2012-06-19 23:07 - 2012-06-19 23:07 - 00000000 ____D C:\Windows\PCHEALTH
2012-06-19 22:57 - 2012-06-19 22:57 - 00000000 ____D C:\Users\Sardin\Downloads\Resource Hacker v3.6.0.92
2012-06-19 22:55 - 2012-06-19 22:55 - 00592793 ____A C:\Users\Sardin\Downloads\Resource Hacker v3.6.0.92.zip
2012-06-19 22:50 - 2012-06-19 22:50 - 00000000 ____D C:\Users\Sardin\Documents\My Received Files
2012-06-19 22:47 - 2012-06-19 23:08 - 00000000 ____D C:\Program Files (x86)\Windows Live
2012-06-19 22:43 - 2012-06-19 22:44 - 17167872 ____A C:\Users\Sardin\Downloads\Windows Live Messenger v8.5.1302.1018.msi
2012-06-19 22:43 - 2012-06-19 22:44 - 00268704 ____A (Mess With Messenger - www.mess.be) C:\Users\Sardin\Downloads\Mess Patch v8.5.1302.exe
2012-06-19 22:13 - 2012-06-19 22:13 - 00000000 ____D C:\Users\Sardin\Documents\Mijn ontvangen bestanden
2012-06-19 22:12 - 2012-06-19 22:12 - 00000000 ____D C:\Users\Sardin\AppData\Local\{1809C3E7-1FBD-40A8-AEEE-C77E9A51DA71}
2012-06-19 22:11 - 2012-06-19 22:12 - 00000000 ____D C:\Users\Sardin\AppData\Local\{D596EAAE-417C-4BA6-BE03-4F5A4DF2877A}
2012-06-18 01:16 - 2012-06-18 01:16 - 00000951 ____A C:\Users\Public\Desktop\mIRC.lnk
2012-06-18 01:15 - 2012-06-18 01:15 - 01912168 ____A (mIRC Co. Ltd.) C:\Users\Sardin\Downloads\mirc725.exe
2012-06-18 01:14 - 2012-06-18 01:17 - 401190184 ____A (Microsoft Corporation) C:\Users\Sardin\Downloads\X16-37699.exe
2012-06-11 23:56 - 2012-06-11 23:56 - 00000000 ____D C:\Users\Sardin\AppData\Local\Macromedia
2012-06-03 13:02 - 2012-06-03 13:49 - 00000000 ____D C:\Users\Sardin\Desktop\Neon Genesis Evangelion [DUAL AUDIO]

============ 3 Months Modified Files ========================

2012-07-02 11:06 - 2009-07-13 15:19 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe
2012-07-02 11:05 - 2012-06-21 01:22 - 00000952 ____A C:\Windows\setupact.log
2012-07-02 11:05 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-07-02 11:02 - 2012-07-02 11:02 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.501A537A96D30784
2012-07-02 10:59 - 2012-07-02 10:59 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.836CAEE726DFEA36
2012-07-02 10:59 - 2012-07-02 10:59 - 00001109 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-07-02 10:42 - 2012-07-02 10:42 - 00001266 ____A C:\Users\Sardin\Desktop\shutdown.lnk
2012-07-02 10:34 - 2012-07-02 10:34 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.8F9AF4416973143A
2012-07-02 10:23 - 2012-07-02 10:23 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E53515C27FE87CD9
2012-07-02 10:21 - 2009-07-13 20:45 - 00014016 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-07-02 10:21 - 2009-07-13 20:45 - 00014016 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-07-02 10:20 - 2011-11-21 00:18 - 00001945 ____A C:\Windows\epplauncher.mif
2012-07-02 10:20 - 2011-11-21 00:17 - 00726776 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-07-02 10:19 - 2012-07-02 10:19 - 12621696 ____A (Microsoft Corporation) C:\Users\Sardin\Downloads\mseinstall(1).exe
2012-07-02 10:09 - 2012-04-01 23:48 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-07-02 07:11 - 2009-07-13 21:13 - 00721234 ____A C:\Windows\System32\PerfStringBackup.INI
2012-07-02 07:10 - 2011-11-18 09:02 - 01853065 ____A C:\Windows\WindowsUpdate.log
2012-07-02 03:17 - 2012-04-01 23:47 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-07-02 03:17 - 2011-11-18 09:45 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-07-02 03:16 - 2012-07-02 10:15 - 00060448 __RSH (Jeantech) C:\Users\Sardin\AppData\Roaming\svchost.exe
2012-07-02 03:16 - 2012-07-02 10:15 - 00060448 __RSH (Jeantech) C:\Users\Sardin\AppData\Roaming\rundll32.exe
2012-07-02 03:16 - 2012-07-02 10:15 - 00060448 __RSH (Jeantech) C:\Users\Sardin\AppData\Roaming\csrss.exe
2012-06-29 14:28 - 2012-06-29 14:28 - 03268872 ____A C:\Users\Sardin\Downloads\Madoka Rap(1).mp3
2012-06-25 09:29 - 2012-06-25 09:29 - 00068114 ____A C:\Users\Sardin\AppData\Local\RAContactHistory.xml
2012-06-25 09:28 - 2012-06-25 09:28 - 00000000 ___AH C:\Users\Sardin\Documents\Default.rdp
2012-06-24 09:33 - 2012-06-24 05:59 - 00450634 ____A C:\Users\Sardin\Desktop\StefanReleasemanagement.rtf
2012-06-21 01:22 - 2012-06-21 01:22 - 00002452 ____A C:\Windows\PFRO.log
2012-06-21 01:22 - 2012-06-21 01:22 - 00000000 ____A C:\Windows\setuperr.log
2012-06-19 23:31 - 2012-06-19 23:31 - 00000925 ____A C:\Users\Sardin\Documents\My Sharing Folders.lnk
2012-06-19 22:55 - 2012-06-19 22:55 - 00592793 ____A C:\Users\Sardin\Downloads\Resource Hacker v3.6.0.92.zip
2012-06-19 22:44 - 2012-06-19 22:43 - 17167872 ____A C:\Users\Sardin\Downloads\Windows Live Messenger v8.5.1302.1018.msi
2012-06-19 22:44 - 2012-06-19 22:43 - 00268704 ____A (Mess With Messenger - www.mess.be) C:\Users\Sardin\Downloads\Mess Patch v8.5.1302.exe
2012-06-19 08:56 - 2009-07-13 20:45 - 00415272 ____A C:\Windows\System32\FNTCACHE.DAT
2012-06-18 22:59 - 2011-11-18 09:10 - 00108840 ____A C:\Users\Sardin\AppData\Local\GDIPFONTCACHEV1.DAT
2012-06-18 01:19 - 2009-07-13 18:34 - 00000478 ____A C:\Windows\win.ini
2012-06-18 01:17 - 2012-06-18 01:14 - 401190184 ____A (Microsoft Corporation) C:\Users\Sardin\Downloads\X16-37699.exe
2012-06-18 01:16 - 2012-06-18 01:16 - 00000951 ____A C:\Users\Public\Desktop\mIRC.lnk
2012-06-18 01:15 - 2012-06-18 01:15 - 01912168 ____A (mIRC Co. Ltd.) C:\Users\Sardin\Downloads\mirc725.exe
2012-06-12 00:56 - 2011-11-30 15:19 - 00018578 ____A C:\test.xml
2012-06-02 14:19 - 2012-06-23 07:49 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-06-23 07:49 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-06-23 07:49 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:15 - 2012-06-23 07:49 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 05:19 - 2012-06-23 07:49 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 05:15 - 2012-06-23 07:49 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-05-24 13:50 - 2012-05-24 13:50 - 03268872 ____A C:\Users\Sardin\Downloads\Madoka Rap.mp3
2012-05-24 01:26 - 2012-05-24 01:26 - 01552078 ____A (Toshiyuki Masui ) C:\Users\Sardin\Downloads\Gyazo-1.0(1).exe
2012-05-20 14:52 - 2012-05-20 14:52 - 00476960 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\npdeployJava1.dll
2012-05-20 14:52 - 2012-05-20 14:52 - 00157472 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaws.exe
2012-05-20 14:52 - 2012-05-20 14:52 - 00149280 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaw.exe
2012-05-20 14:52 - 2012-05-20 14:52 - 00149280 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\java.exe
2012-05-20 14:52 - 2012-01-27 14:18 - 00472864 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\deployJava1.dll
2012-05-13 02:35 - 2012-05-12 22:24 - 451428504 ____A C:\Users\Sardin\Downloads\GakiNoTsukai_Airport_Batsu_2011.part4.rar
2012-05-12 22:13 - 2012-05-12 15:25 - 734003200 ____A C:\Users\Sardin\Downloads\GakiNoTsukai_Airport_Batsu_2011.part1.rar
2012-05-12 19:34 - 2012-05-12 15:28 - 734003200 ____A C:\Users\Sardin\Downloads\GakiNoTsukai_Airport_Batsu_2011.part2.rar
2012-05-12 17:21 - 2012-05-12 15:29 - 734003200 ____A C:\Users\Sardin\Downloads\GakiNoTsukai_Airport_Batsu_2011.part3.rar
2012-05-12 15:25 - 2012-05-12 15:25 - 00539167 ____A C:\Users\Sardin\Downloads\2011_Airport_Batsu_Final.***
2012-05-08 02:06 - 2012-05-08 02:03 - 421674673 ____A C:\Users\Sardin\Downloads\BWise.rar
2012-04-25 06:42 - 2012-04-25 06:42 - 93126984 ____A (Samsung Electronics Co., Ltd. ) C:\Users\Sardin\Downloads\Kies_2.3.0.12035_16_4.exe
2012-04-21 16:28 - 2012-04-21 16:28 - 00908576 ____A (Sun Microsystems, Inc.) C:\Users\Sardin\Downloads\jxpiinstall(1).exe
2012-04-04 05:56 - 2012-07-02 10:59 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys


ZeroAccess:
C:\Windows\Installer\{f5bd0e19-17a5-84fc-6a60-cbe39aac48da}
C:\Windows\Installer\{f5bd0e19-17a5-84fc-6a60-cbe39aac48da}\@
C:\Windows\Installer\{f5bd0e19-17a5-84fc-6a60-cbe39aac48da}\L
C:\Windows\Installer\{f5bd0e19-17a5-84fc-6a60-cbe39aac48da}\n
C:\Windows\Installer\{f5bd0e19-17a5-84fc-6a60-cbe39aac48da}\U
C:\Windows\Installer\{f5bd0e19-17a5-84fc-6a60-cbe39aac48da}\U\00000001.@
C:\Windows\Installer\{f5bd0e19-17a5-84fc-6a60-cbe39aac48da}\U\800000cb.@

ZeroAccess:
C:\Users\Sardin\AppData\Local\{f5bd0e19-17a5-84fc-6a60-cbe39aac48da}
C:\Users\Sardin\AppData\Local\{f5bd0e19-17a5-84fc-6a60-cbe39aac48da}\@
C:\Users\Sardin\AppData\Local\{f5bd0e19-17a5-84fc-6a60-cbe39aac48da}\L
C:\Users\Sardin\AppData\Local\{f5bd0e19-17a5-84fc-6a60-cbe39aac48da}\U

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe 014A9CB92514E27C0107614DF764BC06 ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 15%
Total physical RAM: 4014.08 MB
Available physical RAM: 3396.68 MB
Total Pagefile: 4012.23 MB
Available Pagefile: 3393.63 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:455.44 GB) (Free:174.18 GB) NTFS
2 Drive e: (Recovery) (Fixed) (Total:10.22 GB) (Free:0.8 GB) NTFS
4 Drive g: () (Removable) (Total:14.92 GB) (Free:14.88 GB) FAT32
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
6 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 465 GB 0 B
Disk 1 Online 14 GB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Recovery 10 GB 1024 KB
Partition 2 Primary 100 MB 10 GB
Partition 3 Primary 455 GB 10 GB

==================================================================================

Disk: 0
Partition 1
Type : 27
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E Recovery NTFS Partition 10 GB Healthy Hidden

==================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y System Rese NTFS Partition 100 MB Healthy

==================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 455 GB Healthy

==================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 14 GB 16 KB

==================================================================================

Disk: 1
Partition 1
Type : 0C
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 G FAT32 Removable 14 GB Healthy

==================================================================================

==========================================================

Last Boot: 2012-06-27 15:13

======================= End Of Log ==========================
 
Welcome aboard


Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

================================================

In Vista or Windows 7: Boot to System Recovery Options and run FRST.
In Windows XP: Please boot to UBCD and run FRST.
Type the following in the edit box after "Search:".

services.exe

Click the Search button and post the log (Search.txt) it makes in your reply.
 